diff options
author | Kang Kai <kai.kang@windriver.com> | 2014-10-29 09:40:08 +0800 |
---|---|---|
committer | Paul Eggleton <paul.eggleton@linux.intel.com> | 2014-10-31 11:35:25 +0000 |
commit | a4fd0b34103f3fc6365eb154ea5277485ed01a5c (patch) | |
tree | 8257c1c6f68300a33a9023f65d820a39ddfeeaed /meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb | |
parent | 6aee5729848d48f57fdab9c6aafc61f86ad86135 (diff) | |
download | meta-openembedded-contrib-a4fd0b34103f3fc6365eb154ea5277485ed01a5c.tar.gz |
apache: add fix for CVE-2014-0117 Security Advisory
The patch comes from upstream:
http://svn.apache.org/viewvc?view=revision&revision=1610674
SECURITY (CVE-2014-0117): Fix a crash in mod_proxy. In a reverse proxy
configuration, a remote attacker could send a carefully crafted request which
could crash a server process, resulting in denial of service.
Thanks to Marek Kroemeke working with HP's Zero Day Initiative for reporting
this issue.
Submitted by: Edward Lu, breser, covener
Signed-off-by: Zhang Xiao <xiao.zhang@windriver.com>
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Diffstat (limited to 'meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb')
-rw-r--r-- | meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb index 573cd6fb00..d79d40bd2c 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.10.bb @@ -19,7 +19,9 @@ SRC_URI = "http://www.apache.org/dist/httpd/httpd-${PV}.tar.bz2 \ file://0001-configure-use-pkg-config-for-PCRE-detection.patch \ file://init \ file://apache2-volatile.conf \ - file://apache2.service" + file://apache2.service \ + file://apache-CVE-2014-0117.patch \ + " LIC_FILES_CHKSUM = "file://LICENSE;md5=dbff5a2b542fa58854455bf1a0b94b83" SRC_URI[md5sum] = "44543dff14a4ebc1e9e2d86780507156" |